We are happy to announce mysqlgrants, a new
utility that allows users to display the privileges of grantees
over database objects. Together with
mysqlbinlogmove, these are the new utilities
included in MySQL Utilities release-1.6.0 Alpha.

Mysqlgrants allows you to know which users have access to a
specific object or list of objects. Furthermore, it can also show
the list of privileges that each user has over said object(s). In
short, mysqlgrants simplifies the task of monitoring grants in
MySQL helping you ensure users do not have more permissions than
necessary, thus keeping data more secure.

The order of solutions here under gets more creative on the way
down :)

1. obviously, before starting messing around check my.cnf or
scripts for passwords entries, then try home directories for
password files
2. secondly – can you restart mysql? if yes, restart with
–skip-grant-tables, log into mysql, change your password and
restart without –skip-grant-tables
3. third option – (on linux / unix ONLY)
If you haven’t found the password anywhere and can’t afford to
restart your mysql.

Around these days last year I presented `securich` for the first
time. It was at froscon 2009, barely knowing anybody, spending my
27th birthday in a hostel in Germany fixing some bugs before the
actual presentation on a 10 inch netbook (my mac had some
problems at the time but thats another story :)). I got a
beating, verbally of course! Many of the people listening to the
presentation were expecting something else since another
presentation was supposed to be running at that time, some even
started dozing off (encouraging? not really hehe) but after a few
minutes people started getting …

This Thursday (February 25th, 13:00 UTC - way
earlier than usual!), Darren Cassar will present Securich - Security Plugin for MySQL.
According to Darren, the author of the plugin, Securich is an
incredibly handy and versatile tool for managing user privileges
on MySQL through the use of roles. It basically makes granting
and revoking rights a piece of cake, not to mention added
security it provides through password expiry and password
history, the customization level it permits, the fact …

This Thursday (February 25th, 13:00 UTC - way
earlier than usual!), Darren Cassar will present Securich - Security Plugin for MySQL.
According to Darren, the author of the plugin, Securich is an
incredibly handy and versatile tool for managing user privileges
on MySQL through the use of roles. It basically makes granting
and revoking rights a piece of cake, not to mention added
security it provides through password expiry and password
history, the customization level it permits, the …

This Thursday (February 25th, 13:00 UTC - way
earlier than usual!), Darren Cassar will present Securich - Security Plugin for MySQL.
According to Darren, the author of the plugin, Securich is an
incredibly handy and versatile tool for managing user privileges
on MySQL through the use of roles. It basically makes granting
and revoking rights a piece of cake, not to mention added
security it provides through password expiry and password
history, the customization level it permits, the …

MySQL has an unusual grants system that allows a user to be
specified by host, ip or network address. That is you identify a
user as ’some_user’@'host.host.name’, ’some_user’@'1.2.3.4′ or
’some_user’@'10.3.%’.

That is quite a nice facility but using it is rather tricky. This
potentially provides a lot more security as it allows you to
specify that different types of database users can only perform
certain actions from different types of hosts. So even if you
know the user and password you may have trouble getting into a
mysqld server. That’s good.

However, this flexibility comes at a price. There are no tools to
help you manage this and I …

A MySQL is running happily on a machine situated in a land far
far away. I grant access to a user@machine_aaaaaa (grant select
on db.* to ‘user’@'machine_aaaaa’ identified by ‘password’; flush
privileges;), send an email to the user saying it should run fine
and happily go off my way. Mistake!

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.